On 09.11, Bjørnar Ness wrote:
> 2015-11-09 17:30 GMT+01:00 Patrick McHardy <kaber@xxxxxxxxx>:
> >
> > [ ... ]
>
> > Any thoughts about this?
>
> Could it be possible to automagically insert a "hidden notrack" for the same
> packets the synproxy target matches when adding it?
>
> Of course depends on what this cost really is in terms of performance, but I don't
> like the idea of sacrificing performance for a little easier use.
> At least not for this
> module, where the whole point of it being able to deal with big pps numbers

Problem is that the rule would need to apply to exactly the same packets and
it's in a different table, it's hard to make sure that among updates and other
changes to the ruleset. So right now, no. As I mentioned, you could still
manually notrack packets.
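The consistency problem described above can be checked from outside the kernel. The following is an added example, not code from this thread or from netfilter: it parses `iptables-save` output and reports every SYNPROXY rule that has no raw-table `CT --notrack` rule with the same selectors. The ruleset is constructed sample data, and comparing only interface, protocol, address and port selectors (ignoring negation) is a simplifying assumption.

```python
import shlex

# Options treated as "which packets does this rule apply to" (assumed subset).
SELECTORS = {"-i", "-p", "-s", "-d", "--dport", "--dports"}

# Constructed sample ruleset: port 80 is notracked in raw, port 443 was
# added to the filter table later without a matching raw-table rule.
SAMPLE = """\
*raw
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
COMMIT
*filter
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
"""

def parse_rules(save_text):
    """Yield (table, target, selectors, tokens) for each -A line."""
    table = None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]            # "*raw", "*filter", ...
        elif line.startswith("-A "):
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            sel = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in SELECTORS}
            yield table, target, frozenset(sel.items()), tok

def synproxy_without_notrack(save_text):
    """Return selectors of SYNPROXY rules lacking a matching raw notrack rule."""
    rules = list(parse_rules(save_text))
    notracked = {sel for table, target, sel, tok in rules
                 if table == "raw" and target == "CT" and "--notrack" in tok}
    return [dict(sel) for table, target, sel, tok in rules
            if target == "SYNPROXY" and sel not in notracked]

if __name__ == "__main__":
    for missing in synproxy_without_notrack(SAMPLE):
        print("SYNPROXY rule without raw-table notrack:", missing)
```
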